root@<FQDN of VC>#service-control --start wcp
Operation not cancellable. Please wait for it to finish...
Performing start operation on service wcp...
stderr: Error executing start on service wcp. Details {
"detail": [
{
"id": "install.ciscommon.service.failstart",
"translatable": "An error occurred while starting service '%(0)s'",
"args": [
"wcp"
],
"localized": "An error occurred while starting service 'wcp'"
}
],
"componentKey": null,
"problemId": null,
"resolution": null
}
/var/log/vmware/vmon/vmon.log
YYYY-MM-DDThh:mm:ss.XXXZ Wa(03) host-2515 <wcp> Service pre-start command's stderr: Failed to configure HDCS. Err {hh:mm:ss.X
YYYY-MM-DDThh:mm:ss.XXXZ Wa(03)+ host-2515 "detail": [
YYYY-MM-DDThh:mm:ss.XXXZ Wa(03)+ host-2515 {
YYYY-MM-DDThh:mm:ss.XXXZ Wa(03)+ host-2515 "id": "install.ciscommon.command.errinvoke",
YYYY-MM-DDThh:mm:ss.XXXZ Wa(03)+ host-2515 "translatable": "An error occurred while invoking external command : '%(0)s'",
YYYY-MM-DDThh:mm:ss.XXXZ Wa(03)+ host-2515 "args": [
YYYY-MM-DDThh:mm:ss.XXXZ Wa(03)+ host-2515 "Error 46 while finding SSO group \"vCLSAdmin\":\ndir-cli failed. Error 1326: Operation failed with error ERROR_LOGON_FAILURE (1326) \n"
YYYY-MM-DDThh:mm:ss.XXXZ Wa(03)+ host-2515 ],
YYYY-MM-DDThh:mm:ss.XXXZ Wa(03)+ host-2515 "localized": "An error occurred while invoking external command : 'Error 46 while finding SSO group \"vCLSAdmin\":\ndir-cli failed. Error 1326: Operation failed with error ERROR_LOGON_FAILURE (1326) \n'"
YYYY-MM-DDThh:mm:ss.XXXZ Wa(03)+ host-2515 }
YYYY-MM-DDTXXZ Wa(03)+ host-2515 ],
YYYY-MM-DDThh:mm:ss.XXXZ Wa(03)+ host-2515 "componentKey": null,
YYYY-MM-DDThh:mm:ss.XXXZ Wa(03)+ host-2515 "problemId": null,
YYYY-MM-DDThh:mm:ss.XXXZ Wa(03)+ host-2515 "resolution": null
YYYY-MM-DDThh:mm:ss.XXXZ Wa(03)+ host-2515 }
YYYY-MM-DDThh:mm:ss.XXXZ Er(02) host-2515 <wcp> Service pre-start command failed with exit code 1.
/var/log/vmware/vmdird/vmdird-syslog.log
YYYY-MM-DDThh:mm:ss.XXXZ info vmdird t@140055553222400: _VmDirCpMdbFile: completed making snapshot with file size 32Mb in 1 seconds; data transfer rate: 32.0MB/sec, db last tid: 24589
YYYY-MM-DDThh:mm:ss.XXXZ err vmdird t@140054890526464: SASLSessionStep: sasl error (-13)(SASL(-13): authentication failure: client evidence does not match what we calculated. Probably a password error)
YYYY-MM-DDThh:mm:ss.XXXZ err vmdird t@140054890526464: VmDirSendLdapResult: Request (Bind), Error (LDAP_INVALID_CREDENTIALS(49)), Message ((49)(SASL step failed.)), (0) socket (127.0.0.1)
YYYY-MM-DDThh:mm:ss.XXXZ err vmdird t@140054890526464: Bind Request Failed (127.0.0.1) error 49: Protocol version: 3, Bind DN: "cn=<FQDN of VCENTER>,ou=Domain Controllers,dc=vsphere,dc=local", Method: SASL
YYYY-MM-DDT2hh:mm:ss.XXXZ info vmdird t@140055427397376: MOD 1,rep,certificateRevocationList: (-----BEGIN X509 CRL-----
MIICIzCCAQsCAQEwDQYJKoZIhvcNAQELBQAwgaYxCzAJBgNVBAMMAkNBMRcwFQYK
CZImiZPyLGQBXXXyyyVwaGVyZTEWMBQGCgmSJomT8ixkARkWBmNsc3BwZDELMAkG
A1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaYUihJzAlBgNVBAoMHmNsc3BwZHZj
c3AwMS5jbHNwcmVwcm9kLmlibWNsczEbMBkG)
YYYY-MM-DDThh:mm:ss.XXXZ info vmdird t@140055427397376: Modify Entry (CN=E91E8F0B4C40A221275985C73F827BB58315476E,CN=Certificate-Authorities,cn=Configuration,dc=vsphere,dc=local, EID 2123)(from 127.0.0.1)(by <FQDN of VCENTER>@vsphere.local)(via Ext)(USN 12318,0)
YYYY-MM-DDThh:mm:ss.XXXZ info vmdird t@140055553222400: _VmDirCpMdbFile: making database snapshot with file size 32Mb; will take approximate 1 seconds; 1 updates occurred since last snapshot.
YYYY-MM-DDThh:mm:ss.XXXZ info vmdird t@140055553222400: _VmDirCpMdbFile: completed making snapshot with file size 32Mb in 1 seconds; data transfer rate: 32.0MB/sec, db last tid: 24591
YYYY-MM-DDThh:mm:ss.XXXZ info vmdird t@140055721010944: VmDirGetAccountUPN success for AccountUPN (workload_storage_management-27789762-bca9-434f-810a-8c83b91b914b@VSPHERE.local)
YYYY-MM-DDThh:mm:ss.XXXZ info vmdird t@140055721010944: Srv_RpcVmDirGetAccountUPN success AccountUPN Length (79)
YYYY-MM-DDThh:mm:ss.XXXZ info vmdird t@140055419004672: Modify Entry (CN=workload_storage_management-27789762-bca9-434f-810a-8c83b91b914b,cn=ServicePrincipals,dc=vsphere,dc=local, EID 3237)(from )(by )(via Int)(USN 12319,0)
YYYY-MM-DDThh:mm:ss.XXXZ info vmdird t@140055419004672: Modify Entry (CN=workload_storage_management-27789762-bca9-434f-810a-8c83b91b914b,cn=ServicePrincipals,dc=vsphere,dc=local, EID 3237)(from )(by )(via Int)(USN 12320,0)
YYYY-MM-DDThh:mm:ss.XXXZ info vmdird t@140055419004672: User account control - (cn=workload_storage_management-27789762-bca9-434f-810a-8c83b91b914b,cn=serviceprincipals,dc=vsphere,dc=local): (800010) flag unset, new value=(0)
YYYY-MM-DDThh:mm:ss.XXXZ info vmdird t@140055419004672: Password Modification Successful (). Bind DN: "". Modified DN: "CN=workload_storage_management-27789762-bca9-434f-810a-8c83b91b914b,cn=ServicePrincipals,dc=vsphere,dc=local"
YYYY-MM-DDThh:mm:ss.XXXZ info vmdird t@140055419004672: VmDirSrvForceResetPassword (workload_storage_management-27789762-bca9-434f-810a-8c83b91b914b@VSPHERE.local)
YYYY-MM-DDhh:mm:ss.XXXZ info vmdird t@140055553222400: _VmDirCpMdbFile: making database snapshot with file size 32Mb; will take approximate 1 seconds; 2 updates occurred since last snapshot.
YYYY-MM-DDThh:mm:ss.XXXZ info vmdird t@140055553222400: _VmDirCpMdbFile: completed making snapshot with file size 32Mb in 1 seconds; data transfer rate: 32.0MB/sec, db last tid: 24595
YYYY-MM-DDThh:mm:ss.XXXZ info vmdird t@140055427397376: MOD 1,rep,certificateRevocationList: (-----BEGIN X509 CRL-----
VMware vCenter Server Appliance 7.0.x
VMware vCenter Server Appliance 8.0.x
The issue is only seen if the machine account password is beyond 20 characters which can be tested by setting the "vmwPasswordMinLength" to above 20.
Take offline (powered off) snapshots of all PSC's and VC's in the same vSphere Domain (or in ELM) before attempting. This is standard best practice before making any manual changes to the PSC VMDIRD database.
To resolve the issue, follow below mentioned steps
"shell
" to gain access in shell mode dcAccountPassword
" run below mentioned command /opt/likewise/bin/lwregshell list_values '[HKEY_THIS_MACHINE\services\vmdir]' | egrep -i "Password|dcAccountDN"
+ "dcAccountDN" REG_SZ "cn=<FQDN OF vCenter>=Domain Controllers,dc=example,dc=local"
+ "dcAccountOldPassword" REG_SZ "`<XXXXXXXXXXXXXXXXXXX>"
+ "dcAccountPassword" REG_SZ <XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX>
"dcAccountPassword
" is more that 20 characters then the machine account password needs to be changedservice-control --stop --all && service-control --start --all
NOTE: You may receive an error when you try to run the script:
bash: ./reset_machine_pw.sh: /bin/bash^M: bad interpreter: No such file or directory
This error is caused by DOS carriage returns added to the script when copying from a Windows-based text editor. To resolve this problem:
# sed -i -e 's/\r$//' reset_machine_pw.sh
About vSphere Authentication
For VMware-vSphere 7.X
https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.authentication.doc/GUID-B9C4409A-B053-40C3-96DE-232BB99AAA35.html
For VMware-vSphere 8.X
https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-authentication/GUID-43527B09-63BB-44A6-91D3-E3A470904698.html
"Note: The password policy picks up the maximum length value only if the minimum length is greater than 20 characters. The behavior of the password policy is undefined or could result in failure of services when the minimum length value is greater than 20 characters and the maximum length is set to any value. To avoid a potential problem, leave the minimum length set to the default value of 8 characters, or no greater than 20 characters."